Stanford University School of Earth Science
 
Home
News
New Users
Policies
Email
Web Hosting
Get Help
Net Connections
Macintosh
Windows PC
Unix/Linux System
Pangea Server
    Use Policy
   Account Info
   Account Mgt
   Passwords
   Logging In
   Email Services
   Posting Events
   Web Hosting
   File Storage
   File Transfer
   Printing
   FAQ
School Resources
Using Unix

Computer access: SUNet ID versus pangea password

Last revision July 21, 2004

Your local pangea password will be needed for some non-kerberized services such as plain text telnet logins (from systems that do not have the PCLeland or MacLeland kerberos clients), ssh logins, ftp (network file transfer), AppleShare, and Windows file/printer access. For many of these services, the local password travels across the network in plain text. Thus, the local password can potentially be captured by a hacker running a network "sniffer", particularly if you connect from an off-campus site. This has happened several times in the past for pangea accounts. If a hacker gets your pangea local password, you don't want him to be able to use that same password to access all SUNet services, including your student or personnel records. So make the local pangea password different than your SUNet password.

Pangea will accept kerberized command (telnet) logins and email (POP) connections, using your SUNet ID name and password. Of course, you must have an actual pangea account. This is the preferred login method.

Pangea will also accept ssh version 1 command (telnet) logins and file transfers. In this case, you must use your pangea account name (almost always the same as your SUNet ID name) and your local pangea password, not your SUNet ID password. With the correct options, many ssh client programs can create encrypted "tunnels" for otherwise plain-text network protocols. This is the preferred method to make X-window connections from remote computers to pangea.

Pangea will still accept unencrypted logins, including command (telnet), email (POP), file transfers (ftp), and AppleShare connections. As we find encrypted alternatives for these services, we will eventually discontinue the unencrypted logins. Your pangea local password is used for these unencrypted logins. That means it is vulnerable to being captured by a hacker, particularly for off-campus connections. Thus, your local pangea password should not be the same as your SUNet password. If a hacker gets it, you want to limit the number of services he can access.

Windows file sharing connections to pangea use another encryption standard created by Microsoft. These use your local pangea password, which is encrypted by Windows before sending it to pangea.

 


Comments?

Stanford University    |